Apache Redirect Root URL to Subfolder

The Apache HTTP server can redirect traffic to a specific URL using mod_rewrite. mod_rewrite can do at least 100 other things and I’ll include some of those in a later blog post.

Let’s take a look at a simple redirection of traffic from / to /mysubfolder.

For example, this would redirect all traffic sent to http://www.jamescoyle.net/ to http://www.jamescoyle.net/mysubfolder/

This can be very helpful when you are using a reverse proxy and the application you are proxying is on a sub folder in the URL path. You can simply use this technique to redirect all users to the subdirectory folder path.

Make sure the module is enabled. In Ubuntu you can simply run the a2enmod command; in RHEL/CentOS, however, you may need to add the module manually to your httpd.conf file.

a2enmod rewrite

Then in your sites file you will need to add the following code.

RewriteEngine on
RewriteCond %{REQUEST_URI} ^/$
RewriteRule (.*) /mysubfolder/ [R=301]

RewriteEngine on tells Apache that this site will use rewrite rules to transform the URL.

RewriteCond is the match part of the pattern. If the URL matches this pattern then RewriteRule will be applied. This particular pattern is checking if the requested URL path is equal to /.

RewriteRule is going to add /mysubfolder/ to the URL which only contains the domain due to the above RewriteCond already performing the check.

AuthzLDAPAuthoritative specifies to Apache that LDAP/ Active Directory authentication should override any other form of authentication.

AuthLDAPBindDN is the user DN which Apache will bind to when connecting to your LDAP/ Active Directory server.

AuthLDAPURL is the LDAP/ Active Directory URL which specifies your LDAP/ Active Directory server, the location where the users are stored within the directory and the attributes which will be used as a username when authenticating.

AuthType is the type of authentication which will be used. Basic gives us the dialogue box to enter our credentials.

AuthName is the text which will appear in the login dialogue box. This can differ depending on the web browser.

AuthBasicProvider specifies that we will use LDAP as the authentication mechanism.

AuthLDAPGroupAttributeIsDN, when set to ON, specifies that the DN of the user is used when checking for group permissions in the LDAP/ Active Directory server. Otherwise the username will be used, in this example sAMAccountName.

AuthLDAPGroupAttribute is the attribute in the LDAP/ Active Directory server which is used to check for group membership.

Require, when set to ldap-group, indicates to Apache that the user must be in the specified group to be allowed access.

Some web applications I work with are only available on a URL similar to http://hostname/application. This causes problems when giving the URL to users as they sometimes forget the /application part and receive an unhelpful page they are not looking for or worse, an error.

Using mod_rewrite in Apache2 we can force any traffic matching a specific URL to another URL of our choosing. For this example, we want to direct users landing on / to /application. Notice these URL strings only need to include the path.

Make sure mod_rewrite is enabled in your Apache2 configuration. On Debian flavour distributions you can use

a2enmod rewrite

For Red Hat type distributions, you need to uncomment the line containing mod_rewrite.so in /etc/httpd/conf/httpd.conf.

A basic redirect matching rule has two components: what URL to look for when redirecting, and where to send the traffic.

Edit the vhost file in which you would like to include the redirect. For example:

/etc/apache2/sites-available/default

And add the following inside the <VirtualHost> tags.

RewriteEngine on
RewriteRule ^[FROM]$ [TO] [R=301,L]

You will need to replace [FROM] with the URL you would like to redirect and [TO] with the URL to send the user to. For example, the below rule redirects users going to / to /myapplication
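
The rule itself is not present on this page. As an added example (not the author's original), this is how the template fills in for / to /myapplication, together with the per-directory variant where the matched path has no leading slash; the hostname is a placeholder.

```apache
# Added example, not from the original post.
# VirtualHost context: the pattern is matched against the full URL-path,
# which always starts with a slash.
<VirtualHost *:80>
    # Placeholder hostname (assumption, not from the page)
    ServerName www.example.com

    RewriteEngine on
    # Only the bare root matches, so /myapplication itself is never
    # rewritten again and the rule cannot loop. The target is path-only,
    # which keeps the redirect on the same host. L stops further rewrite
    # processing for this request.
    RewriteRule ^/$ /myapplication [R=301,L]
</VirtualHost>

# Per-directory context (.htaccess or <Directory> for the document root):
# mod_rewrite strips the directory prefix before matching, so a request
# for / is seen as an empty string and the pattern becomes ^$ instead.
# RewriteEngine on
# RewriteRule ^$ /myapplication [R=301,L]
```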

Background

Apache can be used as a reverse proxy to relay HTTP/ HTTPS requests to other machines. This is common practice and comes with two main benefits:

Security – Your Apache instance can be put in a DMZ and exposed to the world while the web servers can sit behind it with no access to the outside world.

Reduce load – You can reduce the load on the web servers with various methods such as web caching at the proxy, load balancing and deflecting traffic for invalid requests.

The interesting stuff – ProxyPass

To set up Apache as a reverse proxy server you will need to enable mod_proxy. Some other common mods you may need are below.

mod_proxy

mod_http

mod_headers

mod_html

To enable mods in Ubuntu/ Debian you need to make sure they are installed, then enabled. For example, installing and enabling mod_proxy would look like this:

apt-get install libapache2-mod-proxy-html
a2enmod proxy

Once these mods are enabled, we can begin editing the Apache config. The locations of these vary depending on your Linux distribution. For RHEL based distributions, this will be your httpd.conf; for Debian based, sites-available/default.

Inside your VirtualHost tag create a Location tag which matches the external path you wish to use. For this example we will use /.

<Location />
    # commands go here
</Location>

Inside the Location tag add the proxy options ProxyPass and ProxyPassReverse followed by the site address which will be the target of the proxy. You will also need a couple of lines to allow access.

ProxyPass http://mywebsite.jamescoyle.net/
ProxyPassReverse http://mywebsite.jamescoyle.net/
Order allow,deny
Allow from all

Outside of the location tags, towards the top of the virtual host add a few extras:

ProxyHTMLStripComments on
ProxyRequests off
SetOutputFilter proxy-html
ProxyHTMLDoctype XHTML

If you will be proxying SSL traffic, you will also need to add:

SSLProxyEngine on

Restart apache or reload the settings for the changes to take effect:

service apache2 reload

You will now have a working proxy – all requests sent to / will be fetched from http://mywebsite.jamescoyle.net.

Example Apache reverse proxy VirtualHost

The below example shows an Apache VirtualHost which is listening on port 80. The configuration accepts requests which match the www.jamescoyle.net hostname and proxies the requests to the backend server mywebsite.jamescoyle.net.
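
The VirtualHost listing itself is not present on this page. As an added example (not the author's original file), the steps above assemble into the following, keeping the Apache 2.2-style access directives used in this post and noting the 2.4 equivalent in a comment.

```apache
# Added example assembled from the directives described in this post.
<VirtualHost *:80>
    ServerName www.jamescoyle.net

    # Reverse proxy only. With ProxyRequests off the server never acts as
    # a forward proxy, so clients cannot relay requests through it to
    # arbitrary third-party hosts.
    ProxyRequests off

    # mod_proxy_html output filter for the proxied HTML
    ProxyHTMLStripComments on
    SetOutputFilter proxy-html
    ProxyHTMLDoctype XHTML

    # Uncomment only if the backend URL below is https://
    # SSLProxyEngine on

    <Location />
        # Inside <Location> the local path is implied, so only the
        # backend URL is given.
        ProxyPass http://mywebsite.jamescoyle.net/
        # Rewrites Location headers in backend redirects so clients are
        # not sent to the internal hostname.
        ProxyPassReverse http://mywebsite.jamescoyle.net/

        # Apache 2.2 access control, as used on this page
        Order allow,deny
        Allow from all
        # Apache 2.4 equivalent (replace the two lines above, do not mix):
        # Require all granted
    </Location>
</VirtualHost>
```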

Background

Apache VirtualHosts are something of a must for running multiple sites with different web addresses, all under the same physical server. Using VirtualHost tags you can easily direct traffic for www.domain1.com to one location, and www.domain2.com to another even when both domains point to the same IP address.

I am not going to detail VirtualHost directives here, however I will tell you about the recent issue I had with subdomains and this very blog. A long time ago I had a subdomain redirect.jamescoyle.net which is no longer in use. At the time, Google got hold of this and kindly indexed it for search. The trouble was that redirect.jamescoyle.net points to the same IP address as www.jamescoyle.net even though it is no longer in use. Apache used to be set up to handle the two sub-domains differently but the VirtualHost entry for redirect has since been removed. This means that Google now has an index of this blog on both www.jamescoyle.net and redirect.jamescoyle.net – not ideal to say the least.

What I needed was something which took users of www.jamescoyle.net to this blog, and redirected all other sub-domains to it. After trying numerous directives and ServerName/ ServerAlias options I stumbled upon the answer.

The Interesting Stuff

Apache will respect any ServerName or ServerAlias option until a domain is used which doesn’t match any VirtualHost. When this happens, the very first VirtualHost for that port (usually port 80 for http) is used as a ‘catch all’.

For RHEL based flavours of Linux, it would make sense to add the ‘catch all’ as the first VirtualHost entry in httpd.conf. For Debian based distributions, the default and default-ssl would be the place as these files have a symlink starting with 000 meaning it will likely be loaded first.

To illustrate the resulting configuration, see the below (albeit simplified) files in sites-available/

default

NameVirtualHost *:80
<VirtualHost *:80>
    DocumentRoot /var/www
    Redirect permanent / http://www.jamescoyle.net/
</VirtualHost>

www.jamescoyle.net

<VirtualHost *:80>
    ServerName www.jamescoyle.net
    DocumentRoot /var/www
    <Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
</VirtualHost>

All requests for www.jamescoyle.net will be managed by the second entry and all other domains will be managed by the first and redirected to www.jamescoyle.net. Give it a go: abcdefg.jamescoyle.net